Bug 496838 - rhn_package_manager won't upload signed packages
rhn_package_manager won't upload signed packages
Status: CLOSED CURRENTRELEASE
Product: Spacewalk
Classification: Community
Component: Proxy Server (Show other bugs)
0.6
All Linux
low Severity medium
: ---
: ---
Assigned To: Tomas Lestach
Jesus M. Rodriguez
:
Depends On:
Blocks: space06
  Show dependency treegraph
 
Reported: 2009-04-21 08:34 EDT by Rob James
Modified: 2009-09-10 08:05 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 497059 (view as bug list)
Environment:
Last Closed: 2009-09-10 08:05:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rob James 2009-04-21 08:34:15 EDT
Signed a package with rpm --resign. Verfied as below:

# rpm --checksig hpadu-8.26-1.noarch.rpm 
hpadu-8.26-1.noarch.rpm: (sha1) dsa sha1 md5 gpg OK

Create custom channel in Spacewalk and try to use rhn_package_manager from the Proxy to add package (tried with several different packages):

# rhn_package_manager -v --channel="rhel-x86_64-server-custom-5" hpadu-8.26-1.noarch.rpm 
Red Hat Network username: admin
Red Hat Network password: 
Connecting to https://FQDN/XP
Uploading hpadu-8.26-1.noarch.rpm
Upload error: ERROR: hpadu-8.26-1.noarch.rpm: unsigned rpm (use --nosig to force)

Using --nosig works fine:

# rhn_package_manager -v --channel="rhel-x86_64-server-custom-5" hpadu-8.26-1.noarch.rpm --nosig
Red Hat Network username: admin
Red Hat Network password: 
Connecting to https://FQDN/XP
Uploading hpadu-8.26-1.noarch.rpm
Uploading batch:
		hpadu-8.26-1.noarch.rpm
Uploaded: hpadu-8.26-1.noarch.rpm
Copying hpadu-8.26-1.noarch.rpm to /var/spool/rhn-proxy/rhn/hpadu/8.26-1/i386/hpadu-8.26-1.i386.rpm

Tried to dig into why myself but it's beyond me :/
Comment 1 Miroslav Suchý 2009-04-22 03:48:48 EDT
We did not parse the signature in our code.
The header object is created in /usr/share/rhn/common/rhn_rpm.py on line 267:
 hdr, is_source = rpm.headerFromPackage(file_desc)
So it seems that rpm-python did not correctly parse the rpm header. 

Hmm strange on RHEL4 I get even traceback:
# rpm --checksig 4Suite-1.0-3.i386.rpm
4Suite-1.0-3.i386.rpm: (sha1) dsa sha1 md5 gpg OK
# rhn_package_manager -v --channel="foo" 4Suite-1.0-3.i386.rpm
Red Hat Network username: admin
Red Hat Network password:
Connecting to http://xen30.englab.brq.redhat.com/XP
Uploading 4Suite-1.0-3.i386.rpm
Traceback (most recent call last):
  File "/usr/bin/rhn_package_manager", line 28, in ?
    rhn_package_manager.main()
  File "/usr/share/rhn/PackageManager/rhn_package_manager.py", line 125, in main
    upload.uploadHeaders()
  File "/usr/share/rhn/PackageManager/uploadLib.py", line 343, in uploadHeaders
    verbose=self.options.verbose, nosig=self.options.nosig)
  File "/usr/share/rhn/PackageManager/uploadLib.py", line 469, in _processBatch
    nosig=nosig)
  File "/usr/share/rhn/PackageManager/uploadLib.py", line 424, in _processFile
    h = get_header(None, f.fileno(), source)
  File "/usr/share/rhn/PackageManager/uploadLib.py", line 619, in get_header
    h = rhn_rpm.get_package_header(filename=file, fd=fildes)
  File "/usr/share/rhn/common/rhn_rpm.py", line 274, in get_package_header
    hdr, offset = rpm.readHeaderFromFD(file_desc)
AttributeError: 'module' object has no attribute 'readHeaderFromFD'
Comment 2 Brandon Perkins 2009-04-23 12:07:51 EDT
Removing bug 496838 blocks bug 497059.
Comment 3 Tomas Lestach 2009-05-26 07:56:49 EDT
What I tried was:

I registered my client to the Proxy.
I created a custom channel and I subscribed my client to this channel. 

I downloaded couple of different packages from different repositories.

====================================================================
on proxy:

# rpm --resign <package>.rpm 
Enter pass phrase: 
Pass phrase is good.
<package>.rpm:
gpg: WARNING: standard input reopened
gpg: WARNING: standard input reopened
# rpm --checksig <package>.rpm 
<package>.rpm: (sha1) dsa sha1 md5 gpg OK
(
I verified the signature owner by comparing the key ID
# rpm -v --checksig <package>.rpm
and
# gpg -K
)
# gpg --export -a <key_owner> > RPM-GPG-KEY-ko
# scp RPM-GPG-KEY-ko client:/tmp/

# rhn_package_manager -v --channel=<custom_channel> <package>.rpm
Red Hat Network username: <username>
Red Hat Network password: 
Connecting to https://<spacewalk_server>/XP
Uploading <package>.rpm
Uploading batch:
		<package>.rpm
Uploaded: <package>.rpm
Copying <package>.rpm to /var/spool/rhn-proxy/rhn/<package_name>/<package_version>/<package_arch>/<package>.rpm
====================================================================
on client:

# rpm --import /tmp/RPM-GPG-KEY-ko
# yum clean all
# yum install -y <package>.rpm
====================================================================

What did you do different?
Comment 4 Rob James 2009-05-26 12:36:18 EDT
Nothing different really. The version of Proxy was the 0.6 nightly up-to-date as of the date I added the bugzilla report. I'm afraid I've had to use that host for something else since then so I don't have a Spacewalk Proxy to test right now -- maybe Miroslav might be able to test again?
Comment 5 Tomas Lestach 2009-06-03 09:18:59 EDT
I tried to reproduce it again without any success. Passing to ON_QA to verify.
Comment 6 Miroslav Suchý 2009-09-10 08:05:57 EDT
Spacewalk 0.6 released

Note You need to log in before you can comment on or make changes to this bug.